Overview

overview

7

Static

static

7

394cd0d176...18.exe

windows7-x64

1

394cd0d176...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    134s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-05-2024 08:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    394cd0d1768d2bd339dbaa706fecd20a_JaffaCakes118.exe

  • Size

    5.3MB

  • MD5

    394cd0d1768d2bd339dbaa706fecd20a

  • SHA1

    76443441e41569c6ddf5f43d1051cc1eee473148

  • SHA256

    e6eeded081cf80f91ca00b55ad3088c6a6550abaf84c16dd17d20bad5b946ed3

  • SHA512

    1abe1c0938a179650caf8ce60b32174407ca6566975e24b79c2e427c024d2dfc90765c9c5c27a297dfabd755d3df5af9349c335bc792558636850ea5f6a4eb96

  • SSDEEP

    98304:jDL2yWQlwHwPmiE+E+JIn/+W3i7ptP4jAJggEYKTud10ZuBhRbGa9AbY5:SfQlrmi++JC/y7p1qAph0+RbGa9Ac5

Score
7/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\394cd0d1768d2bd339dbaa706fecd20a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\394cd0d1768d2bd339dbaa706fecd20a_JaffaCakes118.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4628-0-0x00000001400FC000-0x0000000140424000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/4628-1-0x00007FF8EA450000-0x00007FF8EA452000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4628-3-0x0000000140000000-0x000000014097B000-memory.dmp

    Filesize

    9.5MB

    Download

  • memory/4628-2-0x00007FF8EA460000-0x00007FF8EA462000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4628-7-0x0000000140000000-0x000000014097B000-memory.dmp

    Filesize

    9.5MB

    Download

  • memory/4628-8-0x00000001400FC000-0x0000000140424000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/4628-9-0x0000000140000000-0x000000014097B000-memory.dmp

    Filesize

    9.5MB

    Download